WS-KCNHUB/machines/kcnhub/servers/gitea.nix


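# NixOS module: Gitea behind a Caddy reverse proxy, backed by a local
# PostgreSQL instance reached over its unix socket.
#
# Arguments:
#   pkgs   - nixpkgs package set (not referenced in this file).
#   config - the evaluated system configuration; read for Gitea's HTTP port.
{ pkgs, config, ...}: let
  # Domain TBD
  domain = "git.ws.kcnhub.com";
  # Single source for the port that Caddy proxies to.
  giteaPort = config.services.gitea.settings.server.HTTP_PORT;
in {
  services.gitea = {
    enable = true;
    database = {
      type = "postgres";
      # Directory of the PostgreSQL unix socket; no TCP connection is used.
      socket = "/run/postgresql";
    };
    settings = {
      server = {
        # Bind to loopback only. Caddy terminates TLS and proxies to
        # 127.0.0.1 below; without this, Gitea listens on every interface
        # and plain HTTP on port 5000 depends solely on the firewall to
        # stay unreachable.
        HTTP_ADDR = "127.0.0.1";
        HTTP_PORT = 5000;
        ROOT_URL = "https://${domain}";
      };
      # ROOT_URL is https-only, so session cookies should never be sent
      # over plain HTTP.
      session.COOKIE_SECURE = true;
      actions = {
        # Actions are enabled, but no runner is registered in this file
        # (see the commented-out instance below).
        ENABLED = true;
      };
      # Accounts are created by an admin or via PAM; no self-signup.
      service.DISABLE_REGISTRATION = true;
    };
  };

  # To allow gitea to access /etc/shadow for PAM authentication
  # NOTE(review): membership in "shadow" lets the gitea service account read
  # every local password hash, so a compromise of Gitea exposes them all.
  # Keep this only while PAM login is required; an external auth source
  # (LDAP, OAuth2) would remove the need for it.
  users.users.gitea.extraGroups = [ "shadow" ];

  # Services Runner running in nixos-container w/ host label
  # This allows sharing of nix-store for caching actions builds
  # ... Maybe I'll actually set this up. Some concern for clearing its
  # cache and it overpopulating. Idk. We'll see.
  # NOTE(review): a "host" label runs workflow steps directly in the
  # runner's environment with no docker/podman sandbox, so anyone who can
  # push a workflow can run commands there. Restrict who may trigger
  # Actions before enabling this, and keep the token file readable only by
  # the runner. HTTP_PORT is an integer and needs toString to interpolate.
  # services.gitea-actions-runner.instances."nix-runner" = {
  #   enable = true;
  #   name = "nix-runner";
  #   url = "http://localhost:${toString config.services.gitea.settings.server.HTTP_PORT}";
  #   labels = [
  #     # don't require docker/podman
  #     "native:host"
  #   ];
  #   tokenFile = "/var/lib/gitea/runner_token";
  # };

  services.postgresql = {
    enable = true;
    port = 5432;
    ensureUsers = [{
      name = "gitea";
      ensurePermissions = {
        "DATABASE \"gitea\"" = "ALL PRIVILEGES";
      };
      # NOTE(review): createdb gives the gitea role the CREATEDB attribute,
      # which is broader than access to the single "gitea" database granted
      # above. Confirm it is still needed; drop it if the database is
      # already provisioned.
      ensureClauses = {
        createdb = true;
      };
    }];
  };

  services.caddy.virtualHosts = {
    # The bare domain only redirects to the project wiki on the Gitea host.
    "ws.kcnhub.com" = {
      extraConfig = ''
        redir "https://${domain}/DavidC/WS-KCNHUB/wiki"
      '';
    };
    # Public entry point for Gitea, proxied to the loopback listener.
    "${domain}" = {
      extraConfig = ''
        reverse_proxy 127.0.0.1:${toString giteaPort}
      '';
    };
  };
}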